- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -

Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS,
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION.

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 12/27/05.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-4, 6, 8, 10-21, 23, 25, 27-38, 40, 42 and 44-51 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-4, 6, 8, 10-21, 23, 25, 27-38, 40, 42, 44-51 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) ☒ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.

1) □ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date .

4) □ Interview Summary (PTO-413) Paper No(s)/Mail Date .

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other: .

DETAILED ACTION

Claims 1-4,6,8-21,23,25-38,40, and 42-51 have been considered.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37
CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for
continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been
timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR
1.114. Applicant's submission filed on 11/21/05 has been entered.

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless -

(e) the invention was described in (1) an application for patent, published under section
122(b), by another filed in the United States before the invention by the applicant for
patent or (2) a patent granted on an application for patent by another filed in the United
States before the invention by the applicant for patent, except that an international
application filed under the treaty defined in section 351(a) shall have the effects for
purposes of this subsection of an application filed in the United States only if the
international application designated the United States and was published under Article
21(2) of such treaty in the English language.

Claims 1-2,6,8,10,12,15-16,18-19,23,25,27,29,32-33,35-36,40,42,44,46, and 49-50 are
rejected under 35 U.S.C. 102(e) as being anticipated by Bots, U.S. Patent Application No.
6,226,748.

As per claims 1,18, and 35, the applicant discloses a method of controlling information
flow through a firewall comprising the following limitations which are met by Bots:

a) determining a first incoming packet community set (PCS) of a first data packet
received on an interface of said firewall (Col 7, lines 1-6);

b) discarding said first data packet in response to detecting said PCS is not a subset of
an interface community set (IPCS) of said interface (Col 8, lines 2-4);

processing said first data packet in response to detecting said first incoming PCS is a
subset of said IPCS, wherein said processing comprises:

c) matching said first data packet to a first rule of a plurality of rules of said firewall (Col 7,
lines 1-19);

d) comparing said first incoming PCS to a second incoming PCS specified by the first rule
(Col 7, lines 1-19);

e) changing the first incoming PCS in the first data packet to an outgoing PCS specified
by the first rule, in response to determining the first incoming PCS matches the second incoming
PCS (Col 7, lines 1-19).

f) comparing said outgoing PCS with a destination community set of said first data
packet, prior to transmitting the first data packet to said destination community (Col 7, line 56 to
Col 8, line 14; Fig 4);

g) discarding said first data packet in response to detecting said outgoing PCS is not a
subset of said destination community set (Col 8, lines 2-4);

h) further processing said first data packet in response to detecting said outgoing PCS is
a subset of said destination community set (Col 7, line 56 to Col 8, line 14).
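
The claim 1 flow, limitations (a) through (h), as a runnable sketch. This is an added example, not code from the Office action, the application, or Bots; the rule-matching key (a destination prefix), reading "matches" as set equality, default deny when no rule matches, the empty-PCS check, and all sample values are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    dst_prefix: str           # assumed match key; the claim does not say how rules match
    incoming_pcs: frozenset   # the rule's "second incoming PCS"
    outgoing_pcs: frozenset
    action: str = "forward"

@dataclass
class Packet:
    dst: str
    pcs: frozenset            # (a) incoming PCS, taken as already determined

def filter_packet(pkt, ipcs, rules, dest_sets, log):
    """Return 'forward' or 'discard'; every discard is appended to log."""
    def discard(step):
        log.append((step, pkt.dst, sorted(pkt.pcs)))
        return "discard"

    # Added hardening, not in the claim: the empty set is a subset of
    # every set, so an untagged packet would otherwise pass step (b).
    if not pkt.pcs:
        return discard("empty-pcs")
    if not pkt.pcs <= ipcs:                                   # (b)
        return discard("b")
    rule = next((r for r in rules
                 if pkt.dst.startswith(r.dst_prefix)), None)  # (c)
    if rule is None:
        return discard("no-rule")                             # assumed default deny
    if pkt.pcs != rule.incoming_pcs:                          # (d), equality assumed
        return discard("d")
    if rule.action != "forward":
        return discard("action")
    pkt.pcs = rule.outgoing_pcs                               # (e)
    if not pkt.pcs <= dest_sets.get(pkt.dst, frozenset()):    # (f), (g)
        return discard("g")
    return "forward"                                          # (h)

# Constructed sample data (community names and addresses are made up).
IPCS = frozenset({"eng", "ops"})
RULES = [Rule("10.1.", frozenset({"eng"}), frozenset({"lab"})),
         Rule("10.2.", frozenset({"ops"}), frozenset({"dmz"}))]
DEST_SETS = {"10.1.0.5": frozenset({"lab", "eng"}),
             "10.2.0.9": frozenset({"corp"})}

def demo():
    log = []
    packets = [Packet("10.1.0.5", frozenset({"eng"})),   # passes every check
               Packet("10.1.0.5", frozenset({"hr"})),    # PCS not within IPCS
               Packet("10.1.0.5", frozenset({"ops"})),   # rule PCS mismatch
               Packet("10.2.0.9", frozenset({"ops"})),   # outgoing PCS not in destination set
               Packet("10.1.0.5", frozenset())]          # untagged packet
    return [filter_packet(p, IPCS, RULES, DEST_SETS, log) for p in packets], log

if __name__ == "__main__":
    print(demo())
```

The log entries written on each discard are where an event record for a failed outgoing-PCS check would go.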

As per claims 2,10,19,27,36, and 44, the applicant discloses the method of claims
1,9,18,26,35, and 43, which are met by Bots, with the following limitation which is also met by
Bots:

Wherein said determining comprises determining a source network address community
set (NACS) of said first data packet (Col 6, lines 34-38; Col 7, lines 1-6).



As per claims 6,23, and 40, the applicant describes the method of claims 5,22, and 39,
which are anticipated by Bots, with the following limitation which is also met by Bots:

Wherein said processing further comprises discarding the first data packet, in response
to determining the first incoming PCS does not match the second incoming PCS (Col 7, lines 14-16).



As per claims 8,25, and 42, the applicant describes the method of claims 6,23, and 40,
which are met by Bots, with the following limitation which is also met by Bots:

Wherein changing said first incoming PCS to the outgoing PCS is in further response to
determining that said first rule includes the action of forwarding said first data packet (Col 7, lines
1-19).

As per claims 12,29, and 46, the applicant describes the method of claims 1,18, and 35,
which are met by Bots, with the following limitations which are also met by Bots:

a) transmitting said first data packet via an output interface of said firewall in response to
detecting said outgoing PCS is a subset of the interface community set (IPCS) of said output
interface (Col 6, lines 34-46);

b) discarding said first data packet in response to detecting said second PCS is not a
subset of said IPCS (Col 8, lines 2-4);



As per claims 15,32, and 49, the applicant describes the method of claims 1,18, and 35,
which is met by Bots, with the following limitation which is also met by Bots:

Further comprising consulting a community information base (CIB) (Col 2, lines 62-65);

The community information base corresponds to lookup tables on the VPN units, which
identify members of a group by their network addresses, provide services such as compression
and encryption for authentication purposes, and include information corresponding to the VPN
unit interfaces which allow the compression, encryption, and authentication rules of one VPN unit
to be recognized by another.

As per claims 16,33, and 50, the applicant describes the method of claims 15,32, and 49,
which are met by Bots, with the following limitation which is also met by Bots:

Wherein said CIB includes community set information corresponding to network
addresses, network services, and interfaces (Col 2, lines 62-65).

Claim Rejections - 35 USC §103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or
described as set forth in section 102 of this title, if the differences between the subject
matter sought to be patented and the prior art are such that the subject matter as a whole
would have been obvious at the time the invention was made to a person having ordinary
skill in the art to which said subject matter pertains. Patentability shall not be negatived
by the manner in which the invention was made.


Claims 3,11,20,28,37, and 45 are rejected under 35 U.S.C. 103(a) as being unpatentable 
by Bots in view of McNeill, U.S. Patent No. 6,167,052. 



As per claims 3,11,20,28,37, and 45, the applicant discloses the method of claims
1,9,18,26,35, and 43, which are anticipated by Bots, with the following additional limitation which
is met by McNeill.

Wherein said determining comprises determining a source network service community
set (NSCS) of said first data packet (McNeill: Abstract);

The applicant describes the NSCS as identifying the source and destination by link layer
addressing or a similar layering protocol (Applicant: Page 26). Bots discloses all the limitations of
claims 1,9,18,26,35, and 43 and the use of identifying a source by its address, but fails to
disclose the use of determining a source by link layer addressing or similar layering protocol.
McNeill discloses a system similar to Bots' and the applicant's in which connectivity is established
in a network based on source and destination link layer addresses. It would have been obvious
to one of ordinary skill in the art at the time the invention was filed to incorporate the ideas of
McNeill with those of Bots and determine a source and destination from link layering addressing
as another means to determine the source and destination of a data packet.

Claims 4,13,21,30,38, and 47 are rejected under 35 U.S.C. 103(a) as being unpatentable
by Bots in view of Kidambi, U.S. Patent No. 6,424,626.

As per claims 4,13,21,30,38, and 47, the applicant discloses the method of claims
1,12,18,29,35, and 46, which are met by Bots, with the following limitation which is met by
Kidambi:

Wherein said incoming PCS is encoded in a header of said first data packet, and wherein
said determining comprises decoding said incoming PCS from said header of said first data
packet (Kidambi: Col 25, line 53 to Col 26, line 3 and Bots: Fig 6);

Bots discloses all the limitations of the claim except for the limitation that the source and
destination addresses are decoded from the header. Kidambi discloses the idea of encoding the
source and destination addresses in the header. It would have been obvious to one of ordinary
skill in the art at the time the invention was filed to encode the source and destination addresses
in the header of a data packet because doing so is a commonly accepted method of effectively
transmitting the source and destination addresses.

Claims 14,17,31,34,48, and 51 are rejected under 35 U.S.C. 103(a) as being
unpatentable by Bots in view of Kisor, U.S. Patent No. 6,266,773.

As per claims 14,17,31,34,48, and 51, the applicant describes the method of claims
13,12,30,29,47, and 46, which are met by Bots, with the following limitation which is met by Kisor:

Further comprising recording an event corresponding to said first data packet in response
to detecting said outgoing PCS is not a subset of said destination community set (Col 3, lines 42-67);

Bots discloses all the limitations of claims 13,12,30,29,47, and 46. However, Bots fails to
disclose the use of recording an event in a security log. The use of a security log for recording an
event is disclosed by Kisor in a computer security system. It would have been obvious to one of
ordinary skill in the art at the time the invention was filed to incorporate the ideas of Kisor with
those of Bots and add a security log for recording an event for extra security and monitoring in the
system.



Response to Arguments 

Applicant's arguments, see Remarks, filed 11/21/05, with respect to the 112, first
paragraph rejection of claims 1-4,6,8-21,23,25-38,40, and 42-51 have been fully considered and
are persuasive. Applicant has noted that the term "PCS" should be taken as a more general term
for both an "incoming PCS" and an "outgoing PCS". The 112, first paragraph, rejection has been
withdrawn. The objection to the Specification, based on the rejection, has been withdrawn
accordingly.

Applicant's arguments with respect to the 102(e) rejection of claims 1,2,5-10,12,15-16,18-
19,22-27,29,32-33,35-36,39-44,46,49-50 under Bots have been fully considered but they are not
persuasive. Applicant argues that Bots does not meet the bolded portion of the claimed limitation
presented below:

"comparing said outgoing PCS with a destination community set of said first data packet,
prior to transmitting the first data packet to said destination community". Applicant argues
that the disclosure cited in the previous action (Bots, col 7, line 56 to Col 8, line 4) describes
processing which takes place upon receipt of a packet at the destination. Examiner respectfully
disagrees.

Bots discloses a method of controlling information flow. Referring to Fig 2, an end station
(e.g. 211,212,213) may want to transfer a data packet to a destination (e.g. 201,202,203). VPN
Units (252,250) control information flow. Specifically, a data packet from an end station
(211,212,213) may pass through a first VPN Unit (e.g. 252) where it is processed (Col 7, lines 45-52).
After the packet is processed it is forwarded toward the destination address over the Internet
(Col 7, lines 52-55).

Before the packet is delivered to its destination, it may be processed again at a second
VPN Unit (e.g. 250) (Col 7, line 56 to Col 8, line 14). At the second VPN Unit, the outgoing PCS
of the packet is compared with a destination community set. Finally, the packet at the second
VPN Unit will either be sent to the destination community (Col 8, lines 12-14) or discarded.

Thus, it is quite clear from the above that Bots meets the limitation "comparing said
outgoing PCS with a destination community set of said first data packet, prior to transmitting the
first data packet to the destination community". Accordingly, the rejection is maintained.



Conclusion

This action is made non-final.

Any inquiry concerning this communication or earlier communications from the examiner
should be directed to Kevin Schubert whose telephone number is (571) 272-4239. The examiner
can normally be reached on M-F 7:30-6:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR system,
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).